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CLAIMS 

1. A repeater device that receives from an adjacent 
repeater device a signature for controlling a passage of a 
packet and sends the signature received to another adjacent 

5 repeater device, wherein the repeater device 

determines whether to send the signature to the 
another adjacent repeater device based on the signature 
received from the adjacent repeater device, and 

sends the signature received from the adjacent 
10 repeater device to the another adjacent repeater device 

when the repeater device determines that the signature is 
to be sent to the another adjacent repeater device. 

2 . The repeater device according to claim 1 , further 
15 comprising: 

an attack presence determining unit that monitors 
whether there is a packet that satisfies a condition of the 
signature received from the adjacent repeater device, and 
determines whether there is an attack by the packet; and 
20 a signature sending unit that sends the signature 

received from the adjacent repeater device to the another 
adjacent repeater device when the attack presence 
determining unit determines that there is an attack. 

25 3. The repeater device according to claim 2, wherein 

the attack presence determining unit includes a packet 
number determining unit that determines whether a number of 
packets that satisfy a condition of the signature received 
from the adjacent repeater device within a unit time 
30 exceeds a predetermined threshold, and 

the signature sending unit sends the signature 
received from the adjacent repeater device to the another 
adjacent repeater device when the packet number determining 
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unit determines that the number of packets within the unit 
time exceeds the predetermined threshold. 

4. The repeater device according to claim 3, wherein 
5 when the packet number determining unit determines 

that the number of packets within the unit time exceeds the 
predetermined threshold, the attack presence determining 
unit further includes a continuous exceeding number 
determining unit that determines whether a number of times 

10 that the predetermined threshold is continuously exceeded 
exceeds a predetermined value, and 

the signature sending unit sends the signature 
received from the adjacent repeater device to the another 
adjacent repeater device when the continuous exceeding 

15 number determining unit determines that the number of times 
exceeds the predetermined value. 

5. The repeater device according to claim 2, 3, or 4, 
wherein the signature sending unit sends the signature to 

20 another adjacent repeater device other than the adjacent 

repeater device from which the signature is received among 
all adjacent repeater devices. 

6. The repeater device according to claim 1, further 
25 comprising: 

a signature storage unit that stores the signature 
received; 

a signature registration determining unit that 
determines whether the signature received from the adjacent 
30 repeater device is already registered in the signature 
storage unit; and 

a signature communicating unit that registers the 
signature received from the adjacent repeater device in the 
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signature storage unit when the identification information 
determining unit determines that the signature is not yet 
registered, and sends the signature to the another adjacent 
repeater device. 

5 

7. The repeater device according to claim 6, wherein 
the signature storage unit stores the signature in 

correspondence with generation identification information 
that uniquely identifies each signature generated, 

10 the signature registration determining unit determines 

whether generation identification information of the 
signature received from the adjacent repeater device is 
already registered in the signature storage unit, and 
the signature communicating unit registers the 

15 signature and the generation identification information 

received from the adjacent repeater device in the signature 
storage unit when the signature registration determining 
unit determines that the generation identification 
information is not yet registered in the signature storage 

20 unit, and sends the signature and the generation 

identification information received to the another adjacent 
repeater device . 

8. The repeater device according to claim 7, further 
25 comprising: 

a signature generating unit that generates, when a 
suspicious attacking packet is detected, a signature and 
generation identification information of the signature, 
wherein 

30 the signature generating unit sends the signature and 

the generation identification information to the another 
adjacent repeater device, and registers relay destination 
information that specifies an adjacent repeater device that 
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is a relay destination, the generation identification 
information, and the signature in correspondence with each 
other in the signature storage unit. 

5 9. The repeater device according to claim 8, wherein 
when the signature registration determining unit 
determines that the generation identification information 
of the signature received from the adjacent repeater device 
is not yet registered in the signature storage unit, the 

10 signature communicating unit sends the signature and the 
generation identification information received from the 
adjacent repeater device to the another adjacent repeater 
device, and registers relay source information that 
specifies an adjacent repeater device that is a relay 

15 source immediately before the signature, relay destination 
information that specifies an adjacent repeater device that 
is a relay destination immediately after the signature, the 
generation identification information, and the suspicious 
signature in correspondence with each other in the 

20 signature storage unit, 

the signature registration determining unit further 
determines, when the generation identification information 
of the signature received from the adjacent repeater device 
is already registered in the signature storage unit, 

25 whether relay source information registered in 

correspondence with the generation identification 
information is same as relay source information of the 
signature received from the adjacent repeater device, and 
when the signature registration determining unit 

30 determines that the generation identification information 

is already registered in the signature storage unit but the 
relay source information of the signature received is same 
as the relay source information registered, the signature 
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communicating unit registers the signature received from 
the adjacent repeater device over the signature registered 
in the signature storage unit, and sends the signature 
received to another adjacent repeater device indicated by 
5 the relay destination information registered in the 
signature storage unit. 

10. The repeater device according to claim 9, wherein 
the signature communicating unit returns, when the 

signature registration determining unit determines that the 
relay source information of the signature received is 
different from the relay source information of the 
signature registered, an already registered notification 
indicating that the signature is already registered to the 
adjacent repeater device that is the relay source of the 
signature, and 

deletes, when the already registered notification is 
received from another repeater device, relay destination 
information corresponding to the adjacent repeater device 
from the relay destination information stored in the 
signature storage unit. 

11. A network attack protection system including a 
plurality of repeater devices that receives from an 

25 adjacent repeater device a signature for controlling a 
passage of a packet and sends the signature received to 
another adjacent repeater device, wherein each of the 
repeater devices includes 

an attack presence determining unit that monitors 
30 whether there is a packet that satisfies a condition of the 
signature received from the adjacent repeater device, and 
determines whether there is an attack by the packet, and 
a signature sending unit that sends the signature 



15 



94 



received from the adjacent repeater device to the another 
adjacent repeater device when the attack presence 
determining unit determines that there is an attack. 

12. A network attack protection system including a 
plurality of repeater devices that receives from an 
adjacent repeater device a signature for controlling a 
passage of a packet, registers the signature received in a 
signature storage unit, controls the passage of the packet, 
and sends the signature received to another adjacent 
repeater device, wherein each of the repeater devices 
includes 

a signature registration determining unit that 
determines whether the signature received from the adjacent 
repeater device is already registered in the signature 
storage unit, and 

a signature communicating unit that registers the 
signature received from the adjacent repeater device in the 
signature storage unit when the identification information 
determining unit determines that the signature is not yet 
registered, and sends the signature to the another adjacent 
repeater device. 

13. A relaying method performed by a repeater device that 
25 receives from an adjacent repeater device a signature for 

controlling a passage of a packet and sends the signature 
received to another adjacent repeater device, the relaying 
method comprising : 

an attack presence determining step of monitoring 
30 whether there is a packet that satisfies a condition of the 
signature received from the adjacent repeater device, and 
determining whether there is an attack by the packet; and 

a signature sending step of sending the signature 
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received from the adjacent repeater device to the another 
adjacent repeater device when it is determined at the 
attack presence determining step that there is an attack. 

5 14. The relaying method according to claim 13 , wherein 

the attack presence determining step includes a packet 
number determining step of determining whether a number of 
packets that satisfy a condition of the signature received 
from the adjacent repeater device within a unit time 
10 exceeds a predetermined threshold, and 

the signature received from the adjacent repeater 
device is sent to the another adjacent repeater device at 
the signature sending step when it is determined at the 
packet number determining step that the number of packets 
15 within the unit time exceeds the predetermined threshold. 

15. The relaying method according to claim 14, wherein 
the attack presence determining step further includes 

a continuous exceeding number determining step of 
20 determining whether a number of times that the 

predetermined threshold is continuously exceeded exceeds a 
predetermined value when it is determined at the packet 
number determining step that the number of packets within 
the unit time exceeds the predetermined threshold, and 
25 the signature received from the adjacent repeater 

device is sent to the another adjacent repeater device at 
the signature sending step when it is determined at the 
continuous exceeding number determining step that the 
number of times exceeds the predetermined value. 

30 

16. The relaying method according to claim 13, 14, or 15, 
wherein the signature is sent to another adjacent repeater 
device other than the adjacent repeater device from which 
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the signature is received among all adjacent repeater 
devices at the signature sending step. 

17. A relaying method for receiving from an adjacent 

5 repeater device a signature for controlling a passage of a 
packet , registering the signature received in a signature 
storage unit, controlling the passage of the packet, and 
sending the signature received to another adjacent repeater 
device, wherein the relaying method includes 

10 a signature registration determining step of 

determining whether the signature received from the 
adjacent repeater device is already registered in the 
signature storage unit, and 

a signature communicating step of registering the 

15 signature received from the adjacent repeater device in the 
signature storage unit when it is determined at the 
identification information determining step that the 
signature is not yet registered, and sends the signature to 
the another adjacent repeater device. 

20 

18. The relaying method according to claim 17, wherein 
the signature storage unit stores the signature in 

correspondence with generation identification information 
that uniquely identifies each signature generated, 

25 the signature registration determining step includes 

determining whether generation identification information 
of the signature received from the adjacent repeater device 
is already registered in the signature storage unit, and 

the signature communicating step includes registering 

30 the signature and the generation identification information 
received from the adjacent repeater device in the signature 
storage unit when it is determined at the signature 
registration determining step that the generation 
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identification information is not yet registered in the 
signature storage unit, and sending the signature and the 
generation identification information received to the 
another adjacent repeater device. 

5 

19. The relaying method according to claim 18 , further 
comprising : 

a signature generating step of generating, when a 
suspicious attacking packet is detected, a signature and 
10 generation identification information of the signature, 
wherein 

the signature generating step includes sending the 
signature and the generation identification information to 
the another adjacent repeater device, and registering relay 
15 destination information that specifies an adjacent repeater 
device that is a relay destination, the generation 
identification information, and the signature in 
correspondence with each other in the signature storage 
unit . 

20 

20. A relaying program that causes a computer to function 
as a repeater device that receives from an adjacent 
repeater device a signature for controlling a passage of a 
packet and sends the signature received to another adjacent 

25 repeater device, the relaying program causing the repeater 
device to execute: 

an attack presence determining step of monitoring 
whether there is a packet that satisfies a condition of the 
signature received from the adjacent repeater device, and 
30 determining whether there is an attack by the packet; and 
a signature sending step of sending the signature 
received from the adjacent repeater device to the another 
adjacent repeater device when it is determined at the 
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attack presence determining step that there is an attack. 

21. The relaying program according to claim 20, wherein 

the attack presence determining step includes a packet 
5 number determining step of determining whether a number of 
packets that satisfy a condition of the signature received 
from the adjacent repeater device within a unit time 
exceeds a predetermined threshold, and 

the signature received from the adjacent repeater 
10 device is sent to the another adjacent repeater device at 
the signature sending step when it is determined at the 
packet number determining step that the number of packets 
within the unit time exceeds the predetermined threshold. 

15 22. The relaying program according to claim 21, wherein 

the attack presence determining step further includes 
a continuous exceeding number determining step of 
determining whether a number of times that the 
predetermined threshold is continuously exceeded exceeds a 

20 predetermined value when it is determined at the packet 

number determining step that the number of packets within 
the unit time exceeds the predetermined threshold, and 
the signature received from the adjacent repeater 
device is sent to the another adjacent repeater device at 

25 the signature sending step when it is determined at the 
continuous exceeding number determining step that the 
number of times exceeds the predetermined value. 

23. The relaying program according to claim 20, 21, or 22, 
30 wherein the signature is sent to another adjacent repeater 
device other than the adjacent repeater device from which 
the signature is received among all adjacent repeater 
devices at the signature sending step. 
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24. A relaying program that causes a computer to function 
as a repeater device that receives from an adjacent 
repeater device a signature for controlling a passage of a 

5 packet, registers the signature received in a signature 
storage unit, controlling the passage of the packet, and 
sends the signature received to another adjacent repeater 
device, the relaying program causing the repeater device to 
execute : 

10 a signature registration determining step of 

determining whether the signature received from the 
adjacent repeater device is already registered in the 
signature storage unit, and 

a signature communicating step of registering the 

15 signature received from the adjacent repeater device in the 
signature storage unit when it is determined at the 
identification information determining step that the 
signature is not yet registered, and sends the signature to 
the another adjacent repeater device. 

20 

25. The relaying program according to claim 24, wherein 
the signature storage unit stores the signature in 

correspondence with generation identification information 
that uniquely identifies each signature generated, 

25 the signature registration determining step includes 

determining whether generation identification information 
of the signature received from the adjacent repeater device 
is already registered in the signature storage unit, and 

the signature communicating step includes registering 

30 the signature and the generation identification information 
received from the adjacent repeater device in the signature 
storage unit when it is determined at the signature 
registration determining step that the generation 



100 



identification information is not yet registered in the 
signature storage unit, and sending the signature and the 
generation identification information received to the 
another adjacent repeater device. 

26. The relaying program according to claim 25, further 
comprising : 

a signature generating step of generating, when a 
suspicious attacking packet is detected, a signature and 
generation identification information of the signature, 
wherein 

the signature generating step includes sending the 
signature and the generation identification information to 
the another adjacent repeater device, and registering relay 
destination information that specifies an adjacent repeater 
device that is a relay destination, the generation 
identification information, and the signature in 
correspondence with each other in the signature storage 
unit . 



